> OK, so this customer wants to create havoc, and send out
> thousands of emails and include my email address
> ([EMAIL PROTECTED]) in the reply to/mailed from fields.
< This is called a Joe Job. Google it. There is essentially nothing
< that can be done to stop it, except publishing SPF records for
< your domain
Sandy,
It's hard to believe that from a programming standpoint that IMail couldn't
verify the sender's "reply to" and "mailed from" fields to see if these
email addresses exist within the Imail Administrator/registry. Imail knows
what email addresses have been created on this server, therefore why could
it not conceivably verify these addresses to see if they are Joe Jobs before
they are sent from my server?
You mention SPF... funny, but in a SPF discussion list that I am a member of
I am personally being ridiculed for my inability to prevent mailfrom
forgeries, Joe Jobs, and cross-user forgeries.
No settings within your MTA configuration have any effect on other
MTAs' willingness to accept forged mail from a valid address.
But that's not what I am referring to. I'm not interested in what other
MTA's do. I simply want to prevent my own customers from signing into my
IMail server with a username/password and then sending email with an invalid
"reply to" / "mailed from" data.
Phil
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
